Support for required jwt-required-claims and jwt-certify-claims #64

Closed
ElChemso opened this issue Jul 12, 2017 · 5 comments

@ElChemso

flask-jwt describes usage of the jwt-required-claims and jwt-certify-claims but neither are implemented.

It would be good if flask-jwt-extended implemented it.

@vimalloc
Owner

Sounds reasonable to me. It may take a little bit, but I'll see about getting this implemented soon.

Cheers 👍

@psafont
Contributor

psafont commented Jul 12, 2017

For the first one having pyjwt pull this request would be ideal: jpadilla/pyjwt#280

@vimalloc
Owner

Indeed 👍. I'll wait on that for a bit to see if any progress is made on that being merged.

@vimalloc
Owner

vimalloc commented Jul 29, 2017

I added a generalized callback method that will allow you to verify the custom claims in the access tokens. This will allow you to check if the keys exist, as well as do additional verification as desired.

This adds two new callback loader methods to verify user_claims and change the return value if the user_claims verification fails.

```python
from flask import jsonify

# `jwt` is assumed to be the application's JWTManager instance.

# Old function, unchanged
@jwt.user_claims_loader
def add_custom_claims(identity):
    return {
        'foo': 'bar',
        'baz': 'boom'
    }

# New function, verify the user claims in an access token
@jwt.claims_verification_loader
def verify_user_claims(user_claims):
    expected_keys = ['foo', 'baz']
    for key in expected_keys:
        if key not in user_claims:
            return False
    return True

# New function, change the return value if user claims verification failed.
# You don't have to implement this one, this is just so you can change the
# return value if you don't like the default implementation.
@jwt.claims_verification_failed_loader
def failed_user_claim_verification_error():
    return jsonify({'msg': "Access token is missing key 'foo' or 'baz'"}), 404
```

I'll get a new version with this pushed out to pip soon.

Cheers
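Added example, not part of the thread and not flask-jwt-extended's own code: a stricter body for the claims verification callback described above, which also rejects claims that are present but empty, of the wrong type, or outside an allowed set. The `CLAIM_RULES` table, the `check_claims` helper and the sample values are assumptions made for illustration; the `foo` and `baz` keys are the ones from the comment.

```python
from collections.abc import Mapping

# Hypothetical policy (constructed for this example):
# claim name -> (required type, set of allowed values or None for "any non-empty")
CLAIM_RULES = {
    "foo": (str, {"bar"}),
    "baz": (str, None),
}


def check_claims(user_claims, rules=CLAIM_RULES):
    """Return (ok, reason); fails closed on anything unexpected."""
    if not isinstance(user_claims, Mapping):
        return False, "claims are not a mapping"
    for name, (expected_type, allowed) in rules.items():
        # A presence-only check stops here; the checks below catch
        # tokens that carry the key with an unusable value.
        if name not in user_claims:
            return False, f"missing claim {name!r}"
        value = user_claims[name]
        if not isinstance(value, expected_type):
            return False, f"claim {name!r} has wrong type"
        if isinstance(value, str) and not value.strip():
            return False, f"claim {name!r} is empty"
        if allowed is not None and value not in allowed:
            return False, f"claim {name!r} has unexpected value"
    return True, "ok"


def verify_user_claims(user_claims):
    # Returns only a bool, the same contract as the function registered
    # with @jwt.claims_verification_loader in the comment above.
    ok, _reason = check_claims(user_claims)
    return ok
```

Keep the reason string for server-side logging and return a generic message to the client, so a rejected token does not reveal which claim rule it failed.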

@vimalloc
Owner

Released as version 3.2.0
